Some years ago, I was working on a software company that used some copyrighted JAR dependencies that they had bought from a medium-size obscure private company for a very expensive price.

After some time using their JARs, I figured out that most of the content was a GPL'd software that they repackaged, obfuscated, encrypted and started to sell as if they made it.

This is clearly a violation of the GPL terms (don't remember if it was GPL v2 or v3, but it is still a violation regardless of that). However, no one seems to care and I never heard about some lawyer suing somebody who is not a giant global player like Microsoft or Google due to GPL violation.

Further, how would I prove that there was a GPL violation, since the software was obfuscated, encrypted and can't be legally acquired easily? Further, who should/could sue them and how? Since I can't answer those positively, I might sadly conclude that GPL restrictions can't be enforced in practice and thus are just empty words.

I know that this question deeply depends on the country and regional laws, but I expect that answers might give some light about what may happen in practice in most place of the world about this.

3 Answers
3

If you do not own the copyright on the software whose license is being infringed:

It is not up to you to prove there was a GPL violation. It is not up to you to enforce the license of software for which you do not own the copyright. None of your rights are being infringed, so you have no standing to take legal action against the copyright infringement. As a practical matter, how can you be sure that the owner of the GPL-licensed software did not allow this other vendor to use it under a separate agreement? It is possible that the other software vendor could have purchased a separate license from the owner.

The best thing you can do is to bring the issue to the attention of the copyright holder, who has the exclusive right to take legal action. If they want to take legal action, they can; if they don't want to, that's their decision to make.

In this case, since the seller took unfair advantage by lying about the authorship of the software during the sale, your company may be able to take legal action for fraud. (But I'm not a lawyer and couldn't say for sure.) Note that this is different from legal action for the GPL violation itself: you would take legal action for the seller's deceit that caused you harm, rather than the seller's infringement of the original author's copyright (which has harmed only the author, not you). This is no different from how it would work for any other software, open or proprietary.

If you do own the copyright on the software whose license is being infringed:

Your copyright is being infringed, and you are entitled to take legal action. For assistance, you can contact the Free Software Foundation with details about the infringement. They state on their page about Violations of the GNU Licenses:

The FSF acts on all GPL violations reported on FSF copyrighted code, and we offer assistance to any other copyright holder who wishes to do the same.

Since the FSF has a social interest in teaching people to respect free software licenses (especially the GPL, which they authored), they offer some degree of assistance in taking legal action against offenders. There may, of course, still be significant cost to you, depending on how much aid the FSF can afford to give, but the FSF is far and away your best starting point.

So far, I have three good answers. But since I can accept only one, I will wait a bit to calmly decide which one should I accept.
– Victor StafusaJun 23 '15 at 19:54

2

"you have no standing to take legal action" - if they really haven't got another license for the code then their actions are illegal. Selling pirated software to businesses is copyright infringement and deliberately selling a fake software license 'for a very expensive price' is fraud. The rights they are claiming to sell are invalid and they know it. Legally speaking, passing off GPL software as your own closed product is no different to passing off any other proprietary software.
– bainJul 8 '15 at 13:47

1

@bain I've edited the end of the third section to talk about the possibility of fraud, and how it is different from the GPL violation itself. If you have any references about relevant fraud law(s), I'd love to include further information about it in my answer.
– apsillers♦Jul 8 '15 at 14:04

2

"we add our own special sauce and make it proprietary" - any claim that they made GPL software proprietary would be fraud. They can't tell their customers that they've done something that isn't legally possible. It would be like selling pirated copies of Windows and telling your customers that it's legit because you changed the copyright to public domain. You don't have the legal right to do that, so selling something based on the claim that you did it is fraud.
– bainJul 8 '15 at 15:03

1

Fraud laws depend on jurisdiction but are usually broad because there are so many possible ways to defraud someone. A typical definition would be "abuse of position, or false representation, or prejudicing someone's rights for personal gain".
– bainJul 8 '15 at 15:07

The first step in any legal issues is to notify relevant people. Initially, you should notify the copied project's owner. Since you weren't part of the team, you don't know whether the owner made an exception for this case or not. The theory is that the owner should deal with their own copyright.

If the owner completely ignores you, then after a reasonable period of time you could send a polite email to the offending party, stating that you've noticed they're doing X which is against the license terms and asking if there's some reason you haven't noticed. This achieves the effect of telling the offender that someone has noticed they're doing something wrong (if they are), and gives them a chance to stop; or it gives them the chance to explain that actually, what they're doing is perfectly legitimate.

If the software isn't yours, it's not your job to initiate any legal proceedings against the offending party, so leave that battle for those who should do it.

When you release your software under the GPL, it means you give anyone a license to use your software under some terms and agreements. If somebody violates the agreement, they are in breach of contract with you.

This means you can sue them in a court of law. Depending on how principled you are this may or may not be worth it. Damages rewarded are typically low. Few start actual lawsuits, though for example busybox has been known to persue their copyrights.

You can contact the owners of the copyright who originally licensed the software under the GPL, and whatever action they choose to pursue further is their prerogative. They might take action, or they might allow them to go ahead and use their product in the way it is used now. They own the copyright, they get to decide what happens.